Cribl Stream How-To: Configuring a Microsoft Sentinel Destination (Walkthrough)

Here’s a walkthrough of how to configure a Microsoft Sentinel Destination in Cribl Stream, Cribl’s data processing engine. We’ll focus on setting this up in a Cribl Cloud account, Cribl’s as-a-service offering and the best way to take advantage of the suite of products.

We’ll perform the following steps for you to follow along:

1. First, we’ll prepare our Microsoft Azure Workspace to get the necessary components in place, such as our data collection endpoint, data collection rule, and authorizations.
2. Next, we’ll take the results of this work and configure the Cribl Stream Sentinel Destination.
3. Last, we’ll set up a route and do a quick test to make sure data arrives in Sentinel as expected.

Cribl Docs to Have Ready:

Cribl Docs “Preparing the Azure Workspace”: https://docs.cribl.io/stream/usecase-...
Cribl Docs “Microsoft Sentinel Destination”: https://docs.cribl.io/stream/destinat...
Cribl Docs “Microsoft Sentinel SIEM Integration”: https://docs.cribl.io/stream/usecase-...

Chapters:

00:00: Overview & Steps: Setting Up a Microsoft Sentinel Destination Using Cribl Stream

00:46: A Note About Cribl Docs / “Preparing the Azure Workspace” Doc
  Refer to Cribl Docs “Preparing the Azure Workspace”: https://docs.cribl.io/stream/usecase-...

01:18: Walkthrough: Create Credentials for a New Azure Application
  Refer to Cribl Docs “Preparing the Azure Workspace - Create Credentials for a New Azure Application”: https://docs.cribl.io/stream/usecase-...

02:07: Walkthrough: Create a Data Collection Endpoint (Azure)
  Refer to Cribl Docs “Preparing the Azure Workspace - Create a Data Collection Endpoint”: https://docs.cribl.io/stream/usecase-...

02:48: Walkthrough: Find the Log Analytics Workspace Resource ID (Azure)
  Refer to Cribl Docs “Preparing the Azure Workspace - Find the Log Analytics Workspace Resource ID”: https://docs.cribl.io/stream/usecase-...

03:04: Walkthrough: Create a Data Collection Rule (Azure)
  Refer to Cribl Docs “Preparing the Azure Workspace - Create a Data Collection Rule”: https://docs.cribl.io/stream/usecase-...
  For more info about creating DCRs, refer to Cribl Docs “Microsoft Sentinel SIEM Integration - Creating Data Collection Rules”: https://docs.cribl.io/stream/usecase-...

04:26: Walkthrough: Obtaining Your Endpoint URL (Azure)
  Refer to Cribl Docs “Microsoft Sentinel SIEM Integration - Obtaining Your URL”: https://docs.cribl.io/stream/usecase-...

05:08: To “…dynamically set which table data should go to,” refer to Cribl Docs “Microsoft Sentinel Destination - Internal Fields”: https://docs.cribl.io/stream/destinat...

05:21: Walkthrough: Set Up the Microsoft Sentinel Destination in Cribl Stream
  Refer to Cribl Docs “Microsoft Sentinel Destination - Configure Cribl Stream to Output to Microsoft Sentinel”: https://docs.cribl.io/stream/destinat...

06:00: Refer to Cribl Docs “Microsoft Sentinel Destination - Authentication Settings”: https://docs.cribl.io/stream/destinat... and “Microsoft Sentinel Destination - Endpoint Configuration Options”: https://docs.cribl.io/stream/destinat...

06:24: Walkthrough: Create a Route to Send Data to the Microsoft Sentinel Instance
  For more information about Routes, refer to Cribl Docs “Output Router Destination”: https://docs.cribl.io/stream/destinat...

06:49: For more information about Packs, refer to Cribl Docs “Packs”: https://docs.cribl.io/stream/packs/

07:21: Recap, Potential Next Steps, & More Info
  Cribl Sandboxes: https://sandbox.cribl.io
  Join the Cribl Community: https://community.cribl.io